If you use Chrome, install the Chromebleed checker, which “[d]isplays a warning if the site you are browsing is affected by the Heartbleed bug.” But no major site should still have flawed SSL software on Wednesday.

Web encryption 101

Netscape introduced SSL (secure socket layer) encryption in 1994. Websites that are sharing information securely show that in two ways: the protocol is https instead of http, and you’ll see a lock alongside the URL in the browser.

On an encrypted site, if someone is “listening in” to the transaction between your computer and the web server, they’ll hear (read) only noise, not plain talk (text).

Today OpenSSL is the dominant form of web encryption, and no one knows how many sites are at risk. However, Apache and nginx run about two-thirds of the sites on the web; both use OpenSSL. “The code library is also used to protect email servers, chat servers, virtual private networks and other networking appliances,” according to PC World. Note: not all passwords are encrypted with SSL.

What you may not have realized is that Evernote’s email announcing the problem – a much more transparent and prompt response to the issue than most of the tech giants who preceded them down this path – included what looked like a spoofed link to a password-reset page.